General
Target: r.php
Size: 440KB
Sample: 201202-ff2b8wv312
MD5: be211fc134a945398f96e3cfe8ac0acd
SHA1: 1546aed93ddf813d13635664470454bf40d89056
SHA256: 5c5c8af2a703aa1842f4ce9f9e83aeeac0e2cc2d3ed1bf9f9ad72b7f77e89a42
SHA512: 7205a3ac02803fc26b8d895edbad0319d0ce40cfb84250e7fd08bf13bdf6df022784e75e672be2f28621aa94f78de41815d326edfd44599937d15d057dff9902
Static task: static1
Behavioral task: behavioral1
Sample: r.php.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: r.php.dll
Resource: win10v20201028
Malware Config
Extracted
zloader
nut
02/12
Targets
Target: r.php
Blacklisted process makes network request
Suspicious use of SetThreadContext